nebula

mirror of https://github.com/slackhq/nebula.git synced 2025-12-06 02:30:57 -08:00

Author	SHA1	Message	Date
Jack Doan	a89f95182c	Firewall types and cross-stack subnet stuff (#1509 ) Some checks failed gofmt / Run gofmt (push) Has been cancelled Details smoke-extra / Run extra smoke tests (push) Has been cancelled Details smoke / Run multi node smoke test (push) Has been cancelled Details Build and test / Build all and test on ubuntu-linux (push) Has been cancelled Details Build and test / Build and test on linux with boringcrypto (push) Has been cancelled Details Build and test / Build and test on linux with pkcs11 (push) Has been cancelled Details Build and test / Build and test on macos-latest (push) Has been cancelled Details Build and test / Build and test on windows-latest (push) Has been cancelled Details * firewall can distinguish if the host connecting has an overlapping network, is a VPN peer without an overlapping network, or is a unsafe network * Cross stack subnet stuff (#1512) * experiment with not filtering out non-common addresses in hostinfo.networks * allow handshakes without overlaps * unsafe network test * change HostInfo.buildNetworks argument to reference the cert	2025-11-12 13:40:20 -06:00
Jack Doan	01909f4715	try to make certificate addition/removal reloadable in some cases (#1468 ) Some checks failed gofmt / Run gofmt (push) Has been cancelled Details smoke-extra / Run extra smoke tests (push) Has been cancelled Details smoke / Run multi node smoke test (push) Has been cancelled Details Build and test / Build all and test on ubuntu-linux (push) Has been cancelled Details Build and test / Build and test on linux with boringcrypto (push) Has been cancelled Details Build and test / Build and test on linux with pkcs11 (push) Has been cancelled Details Build and test / Build and test on macos-latest (push) Has been cancelled Details Build and test / Build and test on windows-latest (push) Has been cancelled Details * try to make certificate addition/removal reloadable in some cases * very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match * even spicier change to rehandshake if we detect our cert is lower-version than our peer, and we have a newer-version cert available * make tryRehandshake easier to understand	2025-11-03 19:38:44 -06:00
Nate Brown	52623820c2	Drop inactive tunnels (#1427 ) Some checks failed gofmt / Run gofmt (push) Has been cancelled Details smoke-extra / Run extra smoke tests (push) Has been cancelled Details smoke / Run multi node smoke test (push) Has been cancelled Details Build and test / Build all and test on ubuntu-linux (push) Has been cancelled Details Build and test / Build and test on linux with boringcrypto (push) Has been cancelled Details Build and test / Build and test on linux with pkcs11 (push) Has been cancelled Details Build and test / Build and test on macos-latest (push) Has been cancelled Details Build and test / Build and test on windows-latest (push) Has been cancelled Details	2025-07-03 09:58:37 -05:00

3 commits